Environment

Situation

Access Manager customer has
Identity (IDP) server and Administration server running on seperate
boxes. Everything was working fine on the Access Manager 3 Interim
release 2 code. After they upgraded to the Support Pack 1 beta 1
code, they were unable to modify any configuration for the Identity
Server in the Admin console.

As soon as any change to the IDP server was made, and they clicked
the button to save, the following error was reported on the
browser:

Error: System Error The system encountered an unknown error.
Please contact Novell Support.

com.novell.nidp.admin.model.NidsAdminException:
com.novell.admin.ns.NamespaceException: INVALID_ATTRIBUTE\n at
com.novell.nidp.admin.model.NidsObject.setAttribute(NidsObject.java:1287)\n
at
com.novell.nidp.admin.model.NidsServer.setUpdateStatus(NidsServer.java:370)\n
at
com.novell.admin.nids.common.NidsConfigWrapper.setUpdateStatus(Unknown
Source)\n at
com.novell.admin.nids.common.NidsConfigWrapper.updateConfigObject(Unknown
Source)\n at
com.novell.admin.nids.common.PropertyPage_TrustedProviders.D(Unknown
Source)\n at
com.novell.admin.nids.common.PropertyPage_TrustedProviders.cachePage(Unknown
Source)\n at com.novell.admin.nids.util.UIContext.B(Unknown
Source)\n at com.novell.admin.nids.util.UIContext.execute(Unknown
Source)\n at
com.novell.admin.nids.IdentityServer_OverviewWizard.execute(Unknown
Source)\n at com.novell.emframe.dev.Task.execute(Task.java:490)\n
at
com.novell.nps.gadgetManager.BaseGadgetInstance.processRequest(BaseGadgetInstance.java:849)\n
at
com.novell.nps.gadgetManager.BaseGadgetInstance.handleAction(BaseGadgetInstance.java:2375)\n
at
com.novell.nps.gadgetManager.GadgetManager.processInstanceRequest(GadgetManager.java:1596)\n
at
com.novell.nps.gadgetManager.GadgetManager.processServiceRequest(GadgetManager.java:1052)\n
at
com.novell.nps.PortalServlet.handleFrameService(PortalServlet.java:496)\n
at
com.novell.nps.PortalServlet.processRequest(PortalServlet.java:369)\n
at com.novell.nps.PortalServlet.doPost(PortalServlet.java:275)\n at
javax.servlet.http.HttpServlet.service(HttpServlet.java:716)...

Looking at the content of the app_sc log file (available from
Auditing TAB of Admin Console), the following error was logged at
the same time

2007(L)application.sc.core(T)18(C)com.volera.vcdn.application.sc.core.VException(M)(E)javax.naming.directory.SchemaViolationException:
[LDAP: error code 65 - NDS error: illegal attribute (-608)];
remaining name '' at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019) at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934) at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740) at
com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373) at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235) at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147) at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136) at
com.volera.vcdn.application.sc.core.DeviceInfo.getUpdateStatus(y:2794) at
com.volera.vcdn.application.sc.core.DeviceInfo.setUpdateStatus(y:1590) at
com.volera.vcdn.application.sc.core.DeviceInfo.calculateUpdateStatus(y:1281) at
com.volera.vcdn.application.sc.command.work.DeviceCommandWork.commandStarted(y:2946) at
com.volera.vcdn.application.sc.command.work.IDPCommandWork.K(y:3175) at
com.volera.vcdn.application.sc.command.work.IDPCommandWork.execute(y:3345) at
com.volera.vcdn.platform.executor.DefaultExecutor$ExecutionThread.run(y:2896)
(Msg) 2007-06-19T19:31:04Z SEVERE DeviceManager:
AM#100905083: Error creating an entry in the datastore.

Resolution

Rerun the installation of the Administration server again.

Turns out that the upgrade process had failed and administrator
received no warning. Looking at the upgrade files in the
/tmp/novell_access_manager/ directory, the eDir one gave the clue
of the botched install ...

The eDir upgrade had not be done successfully and the resulting
schema updates were never applied. When we tried to apply any new
object or attribute, it failed with the schema violation error
reported.